Publication View

The Security of All-or-Nothing Encryption: Protecting against Exhaustive Key Search (2000)

Anand Desai

Abstract

Abstract. We investigate the all-or-nothing encryption paradigm which was introduced by Rivest as a new mode of operation for block ciphers. The paradigm involves composing an all-or-nothing transform (AONT) with an ordinary encryption mode. The goal is to have secure encryption modes with the additional property that exhaustive key-search attacks on them are slowed down by a factor equal to the number of blocks in the ciphertext. We give a new notion concerned with the privacy of keys that provably captures this key-search resistance property. We suggest a new characterization of AONTs and establish that the resulting all-or-nothing encryption paradigm yields secure encryption modes that also meet this notion of key privacy. A consequence of our new characterization is that we get more efficient ways of instantiating the all-or-nothing encryption paradigm. We describe a simple block-cipher-based AONT and prove it secure in the Shannon Model of a block cipher. We also give attacks against alternate paradigms that were believed to have the above keysearch resistance property. 1

Publication details

Download	http://citeseerx.ist.psu.edu/viewdoc/summary?doi=?doi=10.1.1.103.7015
Source	http://www.iacr.org/archive/crypto2000/18800360/18800360.pdf
Publisher	Springer-Verlag
Contributors	CiteSeerX
Repository	CiteSeerX - Scientific Literature Digital Library and Search Engine (United States)
Type	text
Language	English
Relation	10.1.1.41.4144, 10.1.1.117.4734, 10.1.1.103.3915, 10.1.1.124.1982, 10.1.1.55.1059, 10.1.1.46.4442, 10.1.1.126.5020, 10.1.1.59.2192, 10.1.1.84.4132, 10.1.1.115.2941, 10.1.1.12.7373, 10.1.1.74.1607, 10.1.1.91.2869, 10.1.1.101.4399, 10.1.1.26.9966, 10.1.1.28.6423, 10.1.1.5.7802, 10.1.1.6.9076, 10.1.1.81.574, 10.1.1.90.7495, 10.1.1.96.9502, 10.1.1.124.7483, 10.1.1.125.6044